Protection of personal data after the establishment of the Personal Data Protection Office of the Slovak Republic
On September 1, 2002, Act No. 428/2002 Coll. on the protection of personal data (hereinafter referred to as the "law"), which, in an effort to provide a higher level of personal data protection, established a stricter regulation in the area of personal data protection.
On the basis of this law, the office was established as an independent body of state administration with its seat in Bratislava, to which the competences of the commissioner in the area of personal data protection in the entire territory of the Slovak Republic were transferred. As an independent body, the Office supervises the protection of personal data and ensures the protection of the fundamental rights and freedoms of natural persons when processing their personal data on the basis of the law with the aim of guaranteeing the constitutional rights of individuals.
In 2003, the law was evaluated by the European Commission, the result of which was the so-called Summary monitoring report on the state of readiness of the Slovak Republic for membership in the European Union, which resulted in the adoption of the amendment to the law. The evaluation report resulted in a clear request from the European Commission that the office, as a supervisory body in the area of personal data protection, has investigative and intervention powers and performs its functions completely independently, not only from the executive power, but also from the influence of any other state bodies. The independence of the supervisory authority is one of the main requirements and supporting pillars in the performance of supervision over the protection of personal data, as a result of which the office is solely responsible for its activities only to the National Council of the Slovak Republic.
It was also necessary to deal with the content of the Council of Europe Convention No. 108 on the protection of individuals during the automated processing of personal data as amended, and in particular with its Additional Protocol, which became binding for the Slovak Republic on July 1, 2004.
The result of dialogue between the office and the European Commission was the adoption of Act No. 90/2005 Coll. with effect from May 1, 2005 (workingly also known as the "Euronovela"), which amended the law. The provisions of the law were revised in such a way as to ensure the transposition of the directive, to provide increased protection of the rights of natural persons and to streamline the protection of personal data during their processing.
Likewise in this case, the European Commission in 2006 as part of its regular evaluation missions checked the status of the level of adoption of legally binding acts of the European Union related to the area of personal data protection into the legal order of the Slovak Republic, the level of their application in practice and the position and competence of the Office for protection of personal data of the Slovak Republic in the exercise of supervision over the protection of personal data. In this context, a structured dialogue on the protection of personal data between the European Commission and the Office was held at the office, which mainly concerned the level of transposition of the directive into national regulations. As a result of the negotiations, a positive development in the field of personal data protection was noted by the European Commission, but despite this, the European Commission demanded to make several changes and improve the independence of the office due to the full alignment of the law with the directive.
In February 2012, the European Commission repeatedly carried out an assessment in the Slovak Republic, the purpose of which was to check the correct application of the Schengen acquis in the area of personal data protection. The result of the evaluation is the management of conclusions and recommendations, the fulfillment of which will ensure the proper application of the Schengen acquis in the Slovak Republic.
With regard to the conclusions arising from the evaluations of the Slovak Republic, the office prepared a draft of a new law on the protection of personal data in the second half of 2012, which also takes into account the requirements of current application practice. The last major amendment to the law, which significantly introduced changes to this law and strengthened the rights of natural persons to protect their privacy and personal data, was adopted in 2005. Since then, social developments, technological changes as well as requirements in the field of personal data protection have influenced the method of processing and cross-border transfer of an increasing amount of personal data as well as access to it. The draft of the new law reacts more effectively to the constantly developing field of modern information technologies and more comprehensively solves problems from the previous application practice while maintaining the requirements arising from the directive.
The new Personal Data Protection Act was approved by the National Council of the Slovak Republic on April 30, 2013, published in the Collection of Laws under number 122/2013 Coll. on May 28, 2013 and entered into force on July 1, 2013 (hereinafter referred to as the "new law"). The new law primarily reflects the requirements of the European Union placed on the Slovak Republic in the area of personal data protection and the requirements resulting from more than ten years of application practice of the office. Due to the effectiveness of the new law, some rights and obligations of subjects included in the process of personal data processing, as well as the competences of the office, were changed. Some legal institutes were clarified and specified, as well as new ones were introduced, the creation of which was conditioned by the experience of the office from the previous period.
The purpose of the new law is primarily to provide greater legal certainty for all entities involved in the process of processing personal data, also taking into account the high pace of information technology progress and the resulting requirements in the legislative field.